Encryption

QBO 3 supports data encryption through an IEncryption interface. Encryption providers can be implemented as plug-ins. IEncryption supports the following logical functions:

  • List Keys
    • Returns a list of keys with key attributes
  • Import Keys
    • Import feature allows for keys to be dragged onto screen or imported by pasting text
  • Create Key
    • Private keys can be created with key options such as Algorithm {DSA|RSA}, Bits, Passphrase
  • Export Key
    • Keys can be exported to share with trading partners
  • Encrypt()
  • Decrypt()

Keys for a given keystore can be managed from the encryption dashboard. The encryption dashboard is accessible from Design->Configuration->Encryption. The dashboard offers the basic functionality listed above. Encryption providers can be specified by adding Encryptor entries to qbo.SecurityWeb/config/Encryption.config. The following explains each configuration field for the Encryptor:

  • Name - Label for the Encryptor. Must be unique. E.g. 'SecureBlackbox'
  • Type - Assembly type. E.g. 'qbo.Encryption.SecureBlackbox.BlackBox, qbo.Encryption.SecureBlackbox'
Optional:
  • PublicKeySubscriberID - Attachment.SubscriberID for the Public Key file. This assumes the attachment has been seeded.
  • PrivateKeySubscriberID - Attachment.SubscriberID for the Private Key file. This assumes the attachment has been seeded.
  • PassphraseSubscriberID - Attachment.SubscriberID for the Passphrase file. This file contains the passphrases tied to each key, which facilitates automated passphrase access during decryption.
It's important to note that the Attachment records for each SubscriberID above all reside on a centralized file store (e.g. AmazonS3) so that multiple machines can access the files.

Initial Encryption Setup

Currently, Secure Blackbox is the only implemented plug-in.
  • Deploy
    • qbo.Security
    • qbo.SecurityWeb
    • Plugins/Encryption/qbo.Encryption.SecureBlackbox
  • Ensure the following dependency DLLs exist in the bin folder
    • SecureBlackbox.dll
    • SecureBlackbox.PGP.dll
    • SecureBlackbox.PKI.dll
  • Run seed script Encryption/qbo.Encryption.SecureBlackbox/Config/Setup.SecureBlackbox.xml by manually importing using Import/ImportFile.ashx/TestHarness. This will create and seed the attachment files used by the SecureBlackbox plug-in.
  • Navigate to Design->Configuration->Encryption. The key list should render with no keys. Keys can be created, imported, deleted, and exported.

Attachment File Stores Using Encryption

TBD